When a user involved in an ongoing session in a network moves between access networks, a handover from one access network to another is required. This handover can be between different types of access network (for example, mobile networks may include GSM or WCDMA, and fixed line networks may include WLAN, WiMAX, xDSL). The handover should be as efficient as possible to allow the session to continue with minimal disruption to the user. However, it is also important that during and after a handover, security is maintained and only the authenticated user can access the session. When a user moves between access networks, it is required that the user is re-authenticated in the new access network. This ensures that charging of the user is correct, and reduces the risk of a session being hijacked by a malicious third party during handover.
The Extensible Authentication Protocol (EAP) is a protocol used in many different types of wireless networks and Point-to-Point networks, and is a universal authentication framework (see RFC 3748). EAP is not an authentication mechanism, but an authentication framework that provides common functions for the authentication mechanism. In this specification, EAP refers to various different EAP protocols such as EAP-AKA (EAP Authentication and Key Agreement for UMTS Subscriber Identity Module), EAP-SIM (EAP for GSM Subscriber Identity Module), and EAP TLS, etc.
As currently specified, EAP is an end-to-end protocol between the peer (user) and a so-called authenticator (the entity desiring to authenticate the user). While the role of authenticator may reside in an entity other than the user's home authentication server, the user's home authentication server still needs to be involved as a “back-end”. This is because EAP does not require that the authenticator “understands” the actual EAP authentication method. This intelligence is assumed to be present only in the user's home authentication server which holds a copy of the necessary authentication data/user credentials, etc. Consequently, a full EAP authentication can only be performed by involving the user's home network, and requires a great deal of signalling between the client terminal and the home network, as illustrated in FIG. 1. FIG. 1 does not show the typical presence of one or more proxies between the WLAN Access Network (AN) and the Access, Authorisation and Accounting (AAA) server. This can make the authentication process after a handover to a new access network slow and noticeable to the user. EAP also provides a “fast re-authentication” procedure, as illustrated in FIG. 2, but again this requires signalling-intensive communication with the user's home network, and as can be seen in FIG. 2, the reduction in signalling overhead is not dramatic. At typical round-trip-times (RTT), say 100 ms transatlantic RTT, even fast re-authentication could cause a noticeable disturbance in an on-going service when a user switches from one AN to another. There is a need to improve the efficiency of authentication when a user moves between access networks.
Inter-access hand-overs are typically managed in one of two ways: network centric or terminal centric. In the network centric approach, the network has significant “knowledge” of the different accesses attached and can therefore perform a so-called “smart” hand-over. For instance, the network can detect that a terminal would be better served using a different access network, and can therefore perform a prepared handover. The terminal moves between access networks on the instructions of the network and, more importantly, the network expects the presence of the terminal on the new access network. For instance, the terminal identity and associated key(s) have already been determined. Existing 3GPP-specific accesses such as UTRAN and GERAN are examples of network centric handovers. A drawback of network centric handovers is that different access networks need to be tightly integrated with the network.
An article XINLIANG ZHENG ET AL: “A Dual Authentication Protocol for IEEE 802.11 Wireless LANs”, 5 Sep. 2005, discusses the problem of vulnerability of IEEE 802.11 wireless LANs in which a compromised access point can still authenticate itself to a wireless station and gain control over the connection. A protocol is therefore suggested that provide authentication for both wireless stations and access points during both an initial connection stage and a roaming situation.
An article HUNG-YU LIN ET AL: “Authentication in Wireless Communications”, 29 Nov. 1993, discloses two authentication protocols to provide services such as message confidentiality, caller ID confidentiality, call intractability and fraud control.